Virtumonde???? Please help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:41, on 2008-08-16
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqQkJaa.dll,#1
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [a018146e] rundll32.exe "C:\Users\Piotr\AppData\Local\Temp\gllmebth.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Piotr\AppData\Local\Temp\tuvTnNDu.dll,#1
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BMa32b27f2] Rundll32.exe "C:\Users\Piotr\AppData\Local\Temp\nvbnstlf.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.networld.pl
O15 - Trusted Zone: http://poczta.onet.pl
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EDGE helper (edgesrv) - Unknown owner - C:\Program Files\EDGE Dialer\edgesrv.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11296 bytes
Hi dajver
Please download Malwarebytes' Anti-Malware (http://www.malwaresupport.com/mbam/program/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post the contents of that file in your next reply along with a fresh HijackThis log.
Hello Shaba
Thanks for the reply, here are the new Mbam and HJT logs:
Malwarebytes' Anti-Malware 1.25
Wersja bazy definicji: 1065
Windows 6.0.6001 Service Pack 1
14:58:21 2008-08-18
mbam-log-08-18-2008 (14-58-21).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowane obiekty: 144717
Upłynęło: 2 hour(s), 2 minute(s), 22 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 2
Zainfekowane klucze rejestru: 4
Zainfekowane wartości rejestru: 4
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 4
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
C:\Users\Piotr\AppData\Local\Temp\gllmebth.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Piotr\AppData\Local\Temp\nvbnstlf.dll (Trojan.Vundo) -> Delete on reboot.
Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\CLSID\{109be732-8f8c-49d4-a3f4-fedcac7f0a25} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
Zainfekowane wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a018146e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bma32b27f2 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
C:\Users\Piotr\AppData\Local\Temp\gllmebth.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Piotr\AppData\Local\Temp\nvbnstlf.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Piotr\AppData\Local\Temp\nnNDUNdA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Filmy\PocketPC Definitive Collection 2004\Utilities\Total Input Elite Edition v2.0.6\ligt\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:06, on 2008-08-18
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\cos.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BMa32b27f2] Rundll32.exe "C:\Users\Piotr\AppData\Local\Temp\nvbnstlf.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.networld.pl
O15 - Trusted Zone: http://poczta.onet.pl
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EDGE helper (edgesrv) - Unknown owner - C:\Program Files\EDGE Dialer\edgesrv.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11056 bytes
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
That means that Malwarebytes' Anti-Malware needs you to reboot the computer.
Please do that and post a fresh HijackThis log afterwards :)
I did reboot the computer before my last post. :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:24, on 2008-08-18
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BMa32b27f2] Rundll32.exe "C:\Users\Piotr\AppData\Local\Temp\nvbnstlf.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.networld.pl
O15 - Trusted Zone: http://poczta.onet.pl
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EDGE helper (edgesrv) - Unknown owner - C:\Program Files\EDGE Dialer\edgesrv.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11040 bytes
Thanks for the info.
Open HijackThis, click "Do a system scan only" and checkmark these:
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: Rundll32.exe "C:\Users\Piotr\AppData\Local\Temp\nvbnstlf.dll",s
Close all windows, including your browser, and press "Fix checked".
Reboot.
Download OTScanIt.exe (http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe) to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
In the Files Created Within group click 30 days
In the Files Modified Within group select 30 days
In the File String Search group select Non-Microsoft
Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Post:
- a fresh HijackThis log
- OTScanIt log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:40, on 2008-08-18
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.networld.pl
O15 - Trusted Zone: http://poczta.onet.pl
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EDGE helper (edgesrv) - Unknown owner - C:\Program Files\EDGE Dialer\edgesrv.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 10721 bytes
OTScanIt logfile created on: 2008-08-18 17:33:06
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Users\Piotr\Desktop\OTScanIt
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 97,12% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 58,72 Gb Free Space | 50,43% Space Free | Partition Type: NTFS
Drive D: | 108,63 Gb Total Space | 18,37 Gb Free Space | 16,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PIOTR-PC
Current User Name: Piotr
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 2007-01-09 23:58:59 | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 2007-01-05 02:18:59 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 2008-06-12 19:17:05 | Attr = ]
asldrsrv.exe -> %ProgramFiles%\ATK Hotkey\AsLdrSrv.exe -> [Ver = 1.0.2.0 | Size = 94208 bytes | Modified Date = 2007-02-06 03:13:14 | Attr = ]
gfnexsrv.exe -> %ProgramFiles%\ATKGFNEX\GFNEXSrv.exe -> [Ver = 1, 0, 0, 8 | Size = 94208 bytes | Modified Date = 2007-08-08 09:08:40 | Attr = ]
asghost.exe -> %ProgramFiles%\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe -> Cognizance Corporation [Ver = 2.5.0.057 | Size = 65536 bytes | Modified Date = 2007-02-06 19:29:59 | Attr = R ]
hcontrol.exe -> %ProgramFiles%\ATK Hotkey\HControl.exe -> ATK0100 [Ver = 1043, 2, 31, 83 | Size = 229376 bytes | Modified Date = 2007-08-23 20:18:24 | Attr = ]
wcourier.exe -> %ProgramFiles%\Wireless Console 2\wcourier.exe -> [Ver = 2, 0, 10, 0 | Size = 1040384 bytes | Modified Date = 2007-07-06 01:53:44 | Attr = ]
acmon.exe -> %ProgramFiles%\ASUS\Splendid\ACMON.exe -> ATK [Ver = 1, 0, 8, 0 | Size = 851968 bytes | Modified Date = 2007-11-13 19:17:14 | Attr = ]
batterylife.exe -> %ProgramFiles%\P4G\BatteryLife.exe -> ATK [Ver = 1, 0, 0, 8 | Size = 180224 bytes | Modified Date = 2007-09-01 02:38:12 | Attr = ]
alu.exe -> %ProgramFiles%\ASUS\ASUS Live Update\ALU.exe -> [Ver = 1, 0, 0, 1 | Size = 51768 bytes | Modified Date = 2007-11-30 20:20:44 | Attr = ]
acengsvr.exe -> %SystemRoot%\System32\ACEngSvr.exe -> ASUSTeK [Ver = 1, 0, 0, 4 | Size = 155648 bytes | Modified Date = 2005-07-07 00:43:42 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 2007-01-09 23:58:59 | Attr = ]
sm56hlpr.exe -> %ProgramFiles%\Motorola\SMSERIAL\sm56hlpr.exe -> Motorola Inc. [Ver = 6.12.11 | Size = 655360 bytes | Modified Date = 2007-08-28 05:48:39 | Attr = ]
sensorsrv.exe -> %ProgramFiles%\ASUS\SmartLogon\sensorsrv.exe -> ASUS [Ver = 1, 0, 4, 1 | Size = 297528 bytes | Modified Date = 2007-12-26 23:38:32 | Attr = ]
dmedia.exe -> %ProgramFiles%\ASUS\ATK Media\DMedia.exe -> ASUSTeK Computer INC. [Ver = 1, 16, 0, 0 | Size = 61440 bytes | Modified Date = 2006-11-02 17:27:32 | Attr = ]
atkosd2.exe -> %ProgramFiles%\ATKOSD2\ATKOSD2.exe -> [Ver = 6.64.1.5 | Size = 7708672 bytes | Modified Date = 2007-07-03 19:48:02 | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 92 | Size = 4702208 bytes | Modified Date = 2007-09-19 08:50:43 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 10.1.8 06Dec07 | Size = 1029416 bytes | Modified Date = 2007-12-06 12:12:43 | Attr = ]
atkosd.exe -> %ProgramFiles%\ATK Hotkey\ATKOSD.exe -> [Ver = 1043, 2, 15, 82 | Size = 2441216 bytes | Modified Date = 2007-08-08 20:03:42 | Attr = ]
asscrpro.exe -> %SystemRoot%\ASScrPro.exe -> [Ver = | Size = 33136 bytes | Modified Date = 2008-05-13 11:20:29 | Attr = ]
kbfiltr.exe -> %ProgramFiles%\ATK Hotkey\KBFiltr.exe -> [Ver = 1, 0, 0, 2 | Size = 106496 bytes | Modified Date = 2007-08-15 20:20:16 | Attr = ]
wdc.exe -> %ProgramFiles%\ATK Hotkey\WDC.exe -> [Ver = 1, 0, 0, 8 | Size = 147456 bytes | Modified Date = 2007-08-15 20:38:30 | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 2007-09-12 18:27:24 | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 2007-01-09 23:58:59 | Attr = ]
ifxspmgt.exe -> %SystemRoot%\System32\IFXSPMGT.exe -> Infineon Technologies AG [Ver = 3.00.1239.05 | Size = 677408 bytes | Modified Date = 2007-02-26 05:29:33 | Attr = ]
ifxtcs.exe -> %SystemRoot%\System32\IFXTCS.exe -> Infineon Technologies AG [Ver = 3.00.1239.05 | Size = 849440 bytes | Modified Date = 2007-02-22 16:12:49 | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.8.13.1 | Size = 79136 bytes | Modified Date = 2007-06-28 11:31:38 | Attr = ]
ifxpsdsv.exe -> %SystemRoot%\System32\IfxPsdSv.exe -> Infineon Technologies AG [Ver = 3.00.1239.05 | Size = 140832 bytes | Modified Date = 2007-02-22 16:32:29 | Attr = ]
spmgr.exe -> %ProgramFiles%\ASUS\NB Probe\SPM\spmgr.exe -> [Ver = 1, 0, 0, 1 | Size = 125496 bytes | Modified Date = 2007-08-03 21:24:54 | Attr = ]
sdwinsec.exe -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 11 | Size = 810320 bytes | Modified Date = 2008-01-28 11:43:32 | Attr = ]
ifxuagui.exe -> %SystemRoot%\System32\IfxUAGUI.exe -> Infineon Technologies AG [Ver = 3.00.1239.00 | Size = 546336 bytes | Modified Date = 2007-01-23 14:02:43 | Attr = ]
psdrt.exe -> %ProgramFiles%\Infineon\Security Platform Software\PSDrt.exe -> Infineon Technologies AG [Ver = 3.00.1239.00 | Size = 181792 bytes | Modified Date = 2007-01-23 14:15:13 | Attr = ]
sptna.exe -> %ProgramFiles%\Infineon\Security Platform Software\SpTNA.exe -> Infineon Technologies AG [Ver = 3.00.1239.00 | Size = 661024 bytes | Modified Date = 2007-01-23 14:00:33 | Attr = ]
syntphelper.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPHelper.exe -> Synaptics, Inc. [Ver = 10.1.8 06Dec07 | Size = 95528 bytes | Modified Date = 2007-12-06 12:12:57 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 2008-07-12 09:29:54 | Attr = ]
wmiadap.exe -> \?\%SystemRoot%\system32\wbem\WMIADAP.EXE -> File not found
[Win32 Services - Non-Microsoft Only]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 2008-06-12 19:17:05 | Attr = ]
(ASLDRService) ASLDR Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ATK Hotkey\AsLdrSrv.exe -> [Ver = 1.0.2.0 | Size = 94208 bytes | Modified Date = 2007-02-06 03:13:14 | Attr = ]
(ATKGFNEXSrv) ATKGFNEX Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ATKGFNEX\GFNEXSrv.exe -> [Ver = 1, 0, 0, 8 | Size = 94208 bytes | Modified Date = 2007-08-08 09:08:40 | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 2007-09-12 18:27:24 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 2007-01-09 23:58:59 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 2007-01-09 23:58:59 | Attr = ]
(CertPropSvc) Propagacja certyfikatu [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 2007-01-09 23:58:59 | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 2007-01-12 21:39:59 | Attr = ]
(DcomLaunch) Program uruchamiający proces serwera DCOM [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(edgesrv) EDGE helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\EDGE Dialer\edgesrv.exe -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(IFXSpMgtSrv) Security Platform Management Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\IFXSPMGT.exe -> Infineon Technologies AG [Ver = 3.00.1239.05 | Size = 677408 bytes | Modified Date = 2007-02-26 05:29:33 | Attr = ]
(IFXTCS) Trusted Platform Core Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\IFXTCS.exe -> Infineon Technologies AG [Ver = 3.00.1239.05 | Size = 849440 bytes | Modified Date = 2007-02-22 16:12:49 | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 2007-01-14 01:10:59 | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.8.13.1 | Size = 79136 bytes | Modified Date = 2007-06-28 11:31:38 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 2007-09-12 18:27:24 | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 2007-01-09 23:58:59 | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 2008-01-29 17:38:31 | Attr = ]
(MSDTC) Koordynator transakcji rozproszonych [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 9, 1, 0 | Size = 792112 bytes | Modified Date = 2007-04-13 21:09:56 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,13,1 | Size = 271920 bytes | Modified Date = 2007-06-01 10:21:30 | Attr = ]
(PersonalSecureDriveService) Personal Secure Drive Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\IfxPsdSv.exe -> Infineon Technologies AG [Ver = 3.00.1239.05 | Size = 140832 bytes | Modified Date = 2007-02-22 16:32:29 | Attr = ]
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> Safer Networking Ltd. [Ver = 1, 0, 0, 11 | Size = 810320 bytes | Modified Date = 2008-01-28 11:43:32 | Attr = ]
(Schedule) Harmonogram zadań [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Zasady usuwania karty inteligentnej [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(spmgr) spmgr [Win32_Own | Auto | Running] -> %ProgramFiles%\ASUS\NB Probe\SPM\spmgr.exe -> [Ver = 1, 0, 0, 1 | Size = 125496 bytes | Modified Date = 2007-08-03 21:24:54 | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 2008-06-11 15:59:38 | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 2007-01-05 02:18:59 | Attr = ]
(TrustedInstaller) Instalator modułów systemu Windows [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(WdiServiceHost) Host usługi diagnostyki [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Host systemu diagnostyki [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2008-01-11 22:16:00 | Attr = ]
ASUS Camera ScreenSaver -> %SystemRoot%\ASScrProlog.exe [C:\Windows\ASScrProlog.exe] -> [Ver = | Size = 39480 bytes | Modified Date = 2008-05-13 11:19:58 | Attr = ]
ASUS Screen Saver Protector -> %SystemRoot%\ASScrPro.exe [C:\Windows\ASScrPro.exe] -> [Ver = | Size = 33136 bytes | Modified Date = 2008-05-13 11:20:29 | Attr = ]
ATKMEDIA -> %ProgramFiles%\ASUS\ATK Media\DMedia.exe [C:\Program Files\ASUS\ATK Media\DMEDIA.EXE] -> ASUSTeK Computer INC. [Ver = 1, 16, 0, 0 | Size = 61440 bytes | Modified Date = 2006-11-02 17:27:32 | Attr = ]
ATKOSD2 -> %ProgramFiles%\ATKOSD2\ATKOSD2.exe ["C:\Program Files\ATKOSD2\ATKOSD2.exe"] -> [Ver = 6.64.1.5 | Size = 7708672 bytes | Modified Date = 2007-07-03 19:48:02 | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 2007-01-09 23:58:59 | Attr = ]
CognizanceTS -> %ProgramFiles%\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll [rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule] -> Cognizance Corporation [Ver = 1.0.0.008 | Size = 17920 bytes | Modified Date = 2003-12-21 23:11:59 | Attr = R ]
IFXSPMGT -> %SystemRoot%\System32\IFXSPMGT.exe [C:\Windows\system32\ifxspmgt.exe /NotifyLogon] -> Infineon Technologies AG [Ver = 3.00.1239.05 | Size = 677408 bytes | Modified Date = 2007-02-26 05:29:33 | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 2007-03-01 15:57:24 | Attr = ]
NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.11.6764 | Size = 8534560 bytes | Modified Date = 2008-02-05 00:00:59 | Attr = ]
NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.11.6764 | Size = 88608 bytes | Modified Date = 2008-02-05 00:00:59 | Attr = ]
NvSvc -> %SystemRoot%\System32\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.11.6764 | Size = 92704 bytes | Modified Date = 2008-02-05 00:00:59 | Attr = ]
PowerForPhone -> %ProgramFiles%\P4P\P4P.exe ["C:\Program Files\P4P\P4P.exe"] -> File not found
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1, 0, 0, 92 | Size = 4702208 bytes | Modified Date = 2007-09-19 08:50:43 | Attr = ]
Samsung PanelMgr -> %SystemRoot%\Samsung\PanelMgr\SSMMgr.exe [C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun] -> [Ver = 2, 8, 0, 0 | Size = 520192 bytes | Modified Date = 2007-01-26 17:30:30 | Attr = ]
Skytel -> %SystemRoot%\SkyTel.exe [Skytel.exe] -> Realtek Semiconductor Corp. [Ver = 2.0.1.20 | Size = 1826816 bytes | Modified Date = 2007-08-03 07:22:01 | Attr = ]
SMSERIAL -> %ProgramFiles%\Motorola\SMSERIAL\sm56hlpr.exe [C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe] -> Motorola Inc. [Ver = 6.12.11 | Size = 655360 bytes | Modified Date = 2007-08-28 05:48:39 | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 2008-01-29 17:38:31 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 10.1.8 06Dec07 | Size = 1029416 bytes | Modified Date = 2007-12-06 12:12:43 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
LightScribe Control Panel -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe [C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden] -> Hewlett-Packard Company [Ver = 1.8.13.1 | Size = 451872 bytes | Modified Date = 2007-06-20 12:49:10 | Attr = ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
APSHook.dll -> %SystemRoot%\System32\APSHook.dll -> Cognizance Corporation [Ver = 2.0.0.015 | Size = 56832 bytes | Modified Date = 2006-07-12 10:54:59 | Attr = R ]
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{109BE732-8F8C-49D4-A3F4-FEDCAC7F0A25} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2927104 bytes | Modified Date = 2008-01-19 09:33:10 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 25088 bytes | Modified Date = 2008-01-19 09:33:33 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 11580416 bytes | Modified Date = 2008-04-24 06:58:20 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 242688 bytes | Modified Date = 2008-01-19 09:32:57 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
TORiSAN CD-ROM CDR_C36 -> -> File not found
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Sterownik stacji dysków CD-ROM ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 2008-01-19 07:49:51 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDDVDW_TS-L632H________________AS02____\5&17525fb4&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_EH3062Y&Prod_YHL159Z&Rev_1.01\5&36e5972&0&000000 ->
< Drives - Autoruns > -> ->
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 2006-09-18 23:43:36 | Attr = ]
AutoMapaSetupLog.txt -> %SystemDrive%\AutoMapaSetupLog.txt [ NTFS ] -> [Ver = | Size = 7011 bytes | Modified Date = 2008-07-22 17:27:35 | Attr = ]
< HOSTS File > (259259 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
::1 localhost -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.asus.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4742 domain(s) found. ->
43 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4744 domain(s) found. ->
www_networld.pl [http] -> Zaufane witryny ->
poczta_onet.pl [http] -> Zaufane witryny ->
45 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:00 | Attr = ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 2007-01-12 01:03:59 | Attr = R ]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 181 | Size = 1404928 bytes | Modified Date = 2008-06-03 15:08:44 | Attr = ]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ]
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [ASUS Security Protect Manager] -> Bioscrypt Inc. [Ver = 2.1.078 | Size = 70928 bytes | Modified Date = 2006-11-21 00:58:59 | Attr = R ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 607888 bytes | Modified Date = 2007-01-12 01:04:59 | Attr = R ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 181 | Size = 1404928 bytes | Modified Date = 2008-06-03 15:08:44 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{07845A83-9BAC-48CA-B11E-61D5AB38CD60} -> (Microsoft Windows Mobile Remote Adapter) ->
{2781334F-ECC0-4922-A86A-9985790FC0B5} -> (Microsoft Windows Mobile Remote Adapter) ->
{3199DD5A-C709-44A3-AA3F-5A1C4763EB41} -> (Microsoft Windows Mobile Remote Adapter) ->
{363C116A-1FCB-44A3-902D-39BCFAF2B8DB} -> (Intel(R) Wireless WiFi Link 4965AGN) ->
{41CD8534-7323-4527-9007-675970E0C76C} -> (Microsoft Windows Mobile Remote Adapter) ->
{59DDC0FA-7CAB-4526-86EE-EE2138BB54ED} -> (Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)) ->
{BE88CCFD-ACD0-4294-B624-4A0B05A43E8E} -> () ->
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 2008-06-03 15:08:42 | Attr = R ]
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/msvcr71.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/msvcr71.dll\\.Owner -> Unknown Owner ->
[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 2008-08-18 15:00:49 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 3220430848 bytes | Created Date = 2008-08-16 14:56:37 | Attr = HS]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 2008-08-15 15:17:25 | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 2008-08-15 15:17:25 | Attr = RHS]
ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 262144 bytes | Created Date = 2008-08-16 13:55:09 | Attr = ]
ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TM.blf -> %SystemDrive%\ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TM.blf -> [Ver = | Size = 65536 bytes | Created Date = 2008-08-16 13:55:48 | Attr = HS]
ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TMContainer00000000000000000001.regtrans-ms -> %SystemDrive%\ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TMContainer00000000000000000001.regtrans-ms -> [Ver = | Size = 524288 bytes | Created Date = 2008-08-16 13:55:48 | Attr = HS]
ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TMContainer00000000000000000002.regtrans-ms -> %SystemDrive%\ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TMContainer00000000000000000002.regtrans-ms -> [Ver = | Size = 524288 bytes | Created Date = 2008-08-16 13:55:48 | Attr = HS]
DGIVECP.SYS -> %SystemRoot%\System32\drivers\DGIVECP.SYS -> Samsung Electronics Co., Ltd. [Ver = 1.1.2.40 | Size = 41984 bytes | Created Date = 2008-08-05 12:22:04 | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 2008-08-18 12:08:53 | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 2008-08-18 12:08:52 | Attr = ]
Msft_User_WpdRapi2_01_00_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2008-07-19 20:02:40 | Attr = H ]
Samsung -> %SystemRoot%\System32\drivers\Samsung -> [Folder | Created Date = 2008-08-05 12:22:05 | Attr = ]
Samsung CLP-510 Series -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series -> [Folder | Created Date = 2008-08-05 12:22:05 | Attr = ]
clpa1.cat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\clpa1.cat -> [Ver = | Size = 37580 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
clpa1.inf -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\clpa1.inf -> [Ver = | Size = 8363 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
clpa1l3.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\clpa1l3.dll -> [Ver = 1.4.6.7 | Size = 22723 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
clpa1l3.SMT -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\clpa1l3.SMT -> [Ver = | Size = 409 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
CLPA1pp.ver -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\CLPA1pp.ver -> [Ver = | Size = 518 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
clpa1u.BMP -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\clpa1u.BMP -> [Ver = | Size = 14684 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
CLPA1u.ini -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\CLPA1u.ini -> [Ver = | Size = 4857 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
clpa1u1.BMP -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\clpa1u1.BMP -> [Ver = | Size = 14700 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
coinst.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\coinst.dll -> SS [Ver = 1, 0, 0, 4 | Size = 65536 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
coinst.exe -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\coinst.exe -> SS [Ver = 1, 0, 1, 0 | Size = 151552 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrv.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrv.dll -> Windows (R) 2000 DDK provider [Ver = built by: WinDDK | Size = 890368 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvcm.ctd -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvcm.ctd -> [Ver = | Size = 4384936 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvcm.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvcm.dll -> SEC [Ver = 0, 5, 2, 0 | Size = 204800 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvcp.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvcp.chm -> [Ver = | Size = 30549 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvcp.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvcp.dat -> [Ver = | Size = 47004 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvct.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvct.chm -> [Ver = | Size = 30497 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvct.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvct.dat -> [Ver = | Size = 46785 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvdn.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvdn.chm -> [Ver = | Size = 30357 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvdn.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvdn.dat -> [Ver = | Size = 56920 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvdt.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvdt.chm -> [Ver = | Size = 30323 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvdt.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvdt.dat -> [Ver = | Size = 59157 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvdu.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvdu.dll -> Windows (R) 2000 DDK provider [Ver = built by: WinDDK | Size = 371200 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrven.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrven.chm -> [Ver = | Size = 29577 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrven.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrven.dat -> [Ver = | Size = 54758 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvfi.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvfi.chm -> [Ver = | Size = 30317 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvfi.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvfi.dat -> [Ver = | Size = 57107 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvfn.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvfn.chm -> [Ver = | Size = 30723 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvfn.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvfn.dat -> [Ver = | Size = 63684 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvgr.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvgr.chm -> [Ver = | Size = 30867 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvgr.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvgr.dat -> [Ver = | Size = 61157 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvhu.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvhu.chm -> [Ver = | Size = 31407 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvhu.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvhu.dat -> [Ver = | Size = 58494 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvit.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvit.chm -> [Ver = | Size = 29975 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvit.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvit.dat -> [Ver = | Size = 59869 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvkr.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvkr.chm -> [Ver = | Size = 31205 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvkr.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvkr.dat -> [Ver = | Size = 52309 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
itdrvlf.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvlf.dll -> [Ver = | Size = 53248 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvnr.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvnr.chm -> [Ver = | Size = 29915 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvnr.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvnr.dat -> [Ver = | Size = 55770 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvo.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvo.dll -> [Ver = | Size = 217088 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvpc.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvpc.dll -> Windows (R) 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 19456 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvpo.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvpo.chm -> [Ver = | Size = 31761 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvpo.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvpo.dat -> [Ver = | Size = 57990 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvpp.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvpp.dll -> [Ver = | Size = 15318 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvpt.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvpt.chm -> [Ver = | Size = 30231 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvpt.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvpt.dat -> [Ver = | Size = 60818 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvru.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvru.chm -> [Ver = | Size = 31465 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvru.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvru.dat -> [Ver = | Size = 58231 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvsp.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvsp.chm -> [Ver = | Size = 30263 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvsp.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvsp.dat -> [Ver = | Size = 60655 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvsw.chm -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvsw.chm -> [Ver = | Size = 30439 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvsw.dat -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvsw.dat -> [Ver = | Size = 56189 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvu.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvu.dll -> [Ver = | Size = 704512 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvu2.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvu2.dll -> [Ver = | Size = 835584 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvua.bmp -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvua.bmp -> [Ver = | Size = 626874 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvub.bmp -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvub.bmp -> [Ver = | Size = 206278 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvuc.bmp -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvuc.bmp -> [Ver = | Size = 71336 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvucc.bmp -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvucc.bmp -> [Ver = | Size = 58736 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvucd.bmp -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvucd.bmp -> [Ver = | Size = 58736 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvuco.bmp -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvuco.bmp -> [Ver = | Size = 58736 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvucp.bmp -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvucp.bmp -> [Ver = | Size = 58736 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvucs.bmp -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvucs.bmp -> [Ver = | Size = 58736 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvucv.bmp -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvucv.bmp -> [Ver = | Size = 58736 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvug.bmp -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvug.bmp -> [Ver = | Size = 24840 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvul.bmp -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvul.bmp -> [Ver = | Size = 4072 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvum.dll -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvum.dll -> [Ver = 0, 3, 8, 0 | Size = 1019904 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
itdrvum.xml -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series\itdrvum.xml -> [Ver = | Size = 13577 bytes | Created Date = 2008-08-05 12:22:06 | Attr = ]
SSPORT.SYS -> %SystemRoot%\System32\drivers\SSPORT.SYS -> Samsung Electronics [Ver = 1.0 | Size = 5120 bytes | Created Date = 2008-08-05 12:22:04 | Attr = ]
avgrsstx.dll.old -> %SystemRoot%\System32\avgrsstx.dll.old -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Created Date = 2008-08-15 17:26:29 | Attr = ]
clpa1ci.dll -> %SystemRoot%\System32\clpa1ci.dll -> SS [Ver = 1, 0, 0, 4 | Size = 65536 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
clpa1ci.exe -> %SystemRoot%\System32\clpa1ci.exe -> SS [Ver = 1, 0, 1, 0 | Size = 151552 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
clpa1l3.dll -> %SystemRoot%\System32\clpa1l3.dll -> [Ver = 1.4.6.7 | Size = 22723 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
clpa1l3.smt -> %SystemRoot%\System32\clpa1l3.smt -> [Ver = | Size = 409 bytes | Created Date = 2008-08-05 12:22:05 | Attr = ]
korwbrkr.lex -> %SystemRoot%\System32\korwbrkr.lex -> [Ver = | Size = 11967524 bytes | Created Date = 2008-07-23 10:49:45 | Attr = ]
StructuredQuerySchema.bin -> %SystemRoot%\System32\StructuredQuerySchema.bin -> [Ver = | Size = 106605 bytes | Created Date = 2008-07-23 10:49:50 | Attr = ]
StructuredQuerySchemaTrivial.bin -> %SystemRoot%\System32\StructuredQuerySchemaTrivial.bin -> [Ver = | Size = 18904 bytes | Created Date = 2008-07-23 10:49:50 | Attr = ]
Dr. Printer Icon.ico -> %SystemRoot%\Dr. Printer Icon.ico -> [Ver = | Size = 11502 bytes | Created Date = 2008-08-05 13:33:39 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 2008-07-30 21:07:30 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 2008-08-16 13:27:56 | Attr = ]
Samsung -> %SystemRoot%\Samsung -> [Folder | Created Date = 2008-08-05 12:21:52 | Attr = ]
ssndii.exe -> %SystemRoot%\ssndii.exe -> [Ver = 1, 0, 5, 3 | Size = 466944 bytes | Created Date = 2008-08-05 13:36:26 | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 105 bytes | Created Date = 2008-08-15 12:03:49 | Attr = ]
[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger -> [Folder | Modified Date = 2008-08-18 15:00:49 | Attr = ]
Filmy -> %SystemDrive%\Filmy -> [Folder | Modified Date = 2008-08-14 23:08:59 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 3220430848 bytes | Modified Date = 2008-08-18 17:24:35 | Attr = HS]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 2008-08-15 15:17:25 | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 2008-08-15 15:17:25 | Attr = RHS]
ntuser.dat -> %SystemDrive%\ntuser.dat -> [Ver = | Size = 262144 bytes | Modified Date = 2008-08-16 13:55:48 | Attr = ]
ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TM.blf -> %SystemDrive%\ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TM.blf -> [Ver = | Size = 65536 bytes | Modified Date = 2008-08-16 14:31:48 | Attr = HS]
ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TMContainer00000000000000000001.regtrans-ms -> %SystemDrive%\ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TMContainer00000000000000000001.regtrans-ms -> [Ver = | Size = 524288 bytes | Modified Date = 2008-08-16 14:31:48 | Attr = HS]
ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TMContainer00000000000000000002.regtrans-ms -> %SystemDrive%\ntuser.dat{8a37ab38-6b86-11dd-a4d7-e3b98acbedc1}.TMContainer00000000000000000002.regtrans-ms -> [Ver = | Size = 524288 bytes | Modified Date = 2008-08-16 14:31:48 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-08-18 12:08:51 | Attr = R ]
ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 2008-08-18 12:08:51 | Attr = H ]
snp2uvc-001.raw -> %SystemDrive%\snp2uvc-001.raw -> [Ver = | Size = 460824 bytes | Modified Date = 2008-08-16 19:05:24 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2008-08-16 13:11:54 | Attr = HS]
Windows -> %SystemRoot% -> [Folder | Modified Date = 2008-08-16 15:21:03 | Attr = ]
COH_Mon.cat -> %SystemRoot%\System32\drivers\COH_Mon.cat -> [Ver = | Size = 10537 bytes | Modified Date = 2008-07-30 17:28:04 | Attr = ]
COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf -> [Ver = | Size = 706 bytes | Modified Date = 2008-07-30 17:28:04 | Attr = ]
COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23888 bytes | Modified Date = 2008-07-30 17:42:12 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-08-15 12:04:36 | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 259259 bytes | Modified Date = 2008-08-15 12:04:36 | Attr = R ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 2008-08-17 15:01:14 | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 2008-08-17 15:01:18 | Attr = ]
Msft_User_WpdRapi2_01_00_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2008-07-19 20:02:40 | Attr = H ]
Samsung -> %SystemRoot%\System32\drivers\Samsung -> [Folder | Modified Date = 2008-08-05 12:22:05 | Attr = ]
Samsung CLP-510 Series -> %SystemRoot%\System32\drivers\Samsung\Samsung CLP-510 Series -> [Folder | Modified Date = 2008-08-05 12:22:06 | Attr = ]
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 2008-07-19 20:02:36 | Attr = ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3296 bytes | Modified Date = 2008-08-18 17:24:54 | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3296 bytes | Modified Date = 2008-08-18 17:24:54 | Attr = H ]
acovcnt.exe -> %SystemRoot%\System32\acovcnt.exe -> [Ver = | Size = 45056 bytes | Modified Date = 2008-08-15 13:20:33 | Attr = ]
avgrsstx.dll.old -> %SystemRoot%\System32\avgrsstx.dll.old -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 2008-08-15 17:26:29 | Attr = ]
catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 2008-08-15 00:30:21 | Attr = ]
catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 2008-08-16 13:29:56 | Attr = ]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-08-18 15:00:49 | Attr = ]
migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 2008-08-14 15:02:33 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 101250 bytes | Modified Date = 2008-08-18 17:32:50 | Attr = ]
perfc015.dat -> %SystemRoot%\System32\perfc015.dat -> [Ver = | Size = 126908 bytes | Modified Date = 2008-08-18 17:32:50 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 587178 bytes | Modified Date = 2008-08-18 17:32:50 | Attr = ]
perfh015.dat -> %SystemRoot%\System32\perfh015.dat -> [Ver = | Size = 662056 bytes | Modified Date = 2008-08-18 17:32:50 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 1468980 bytes | Modified Date = 2008-08-18 17:32:50 | Attr = ]
pl-PL -> %SystemRoot%\System32\pl-PL -> [Folder | Modified Date = 2008-08-14 15:02:34 | Attr = ]
Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 2008-07-19 20:25:03 | Attr = ]
WDI -> %SystemRoot%\System32\WDI -> [Folder | Modified Date = 2008-08-12 11:09:22 | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2008-08-14 14:52:20 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 2008-08-18 17:24:39 | Attr = S]
bthservsdp.dat -> %SystemRoot%\bthservsdp.dat -> [Ver = | Size = 12 bytes | Modified Date = 2008-08-18 17:23:26 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-08-15 01:33:57 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2008-08-15 00:13:49 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-08-18 17:32:50 | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-08-15 17:25:29 | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2008-08-15 01:33:59 | Attr = ]
PolicyDefinitions -> %SystemRoot%\PolicyDefinitions -> [Folder | Modified Date = 2008-07-23 13:21:19 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-08-18 17:29:22 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 2008-08-16 14:55:48 | Attr = ]
rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 2008-08-15 00:27:20 | Attr = ]
Samsung -> %SystemRoot%\Samsung -> [Folder | Modified Date = 2008-08-05 13:36:23 | Attr = ]
System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 2008-08-18 17:32:50 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2008-08-18 17:31:27 | Attr = ]
WindowsMobile -> %SystemRoot%\WindowsMobile -> [Folder | Modified Date = 2008-07-22 21:18:34 | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 105 bytes | Modified Date = 2008-08-15 12:03:49 | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 2008-08-15 00:31:21 | Attr = ]
Norton Internet Security - Run Full System Scan - Piotr.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Piotr.job -> [Ver = | Size = 546 bytes | Modified Date = 2008-08-11 22:14:15 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-08-18 17:25:00 | Attr = H ]
User_Feed_Synchronization-{0603154F-EC6B-4B82-9791-22E5C9A7E47F}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{0603154F-EC6B-4B82-9791-22E5C9A7E47F}.job -> [Ver = | Size = 418 bytes | Modified Date = 2008-08-17 21:43:28 | Attr = H ]
C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader -> [Folder | Modified Date = 2006-11-02 15:04:06 | Attr = ]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 2008-08-18 17:28:08 | Attr = ]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4194304 bytes | Modified Date = 2008-08-18 17:28:08 | Attr = ]
C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 2008-06-12 15:39:01 | Attr = ]
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8302 bytes | Modified Date = 2008-06-12 11:58:03 | Attr = ]
C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData -> [Folder | Modified Date = 2008-06-13 00:18:12 | Attr = ]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 13248 bytes | Modified Date = 2008-08-18 00:42:45 | Attr = ]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 2008-08-18 00:42:45 | Attr = ]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 2008-08-18 00:42:45 | Attr = ]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 1608 bytes | Modified Date = 2008-08-18 00:42:45 | Attr = ]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 552 bytes | Modified Date = 2008-08-18 00:42:45 | Attr = ]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 154780 bytes | Modified Date = 2008-08-18 00:42:45 | Attr = ]
C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures -> [Folder | Modified Date = 2008-06-11 14:56:28 | Attr = ]
Piotr.dat -> C:\ProgramData\Microsoft\User Account Pictures\Piotr.dat -> [Ver = | Size = 0 bytes | Modified Date = 2008-06-11 14:56:28 | Attr = ]
C:\Windows\Temp\ -> C:\Windows\Temp -> [Folder | Modified Date = 2008-08-18 17:31:27 | Attr = ]
LOCAL.cmd -> C:\Windows\Temp\LOCAL.cmd -> [Ver = | Size = 759 bytes | Modified Date = 2007-04-04 07:13:40 | Attr = ]
55 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp ->
C:\Windows\Temp\Cookies\ -> C:\Windows\Temp\Cookies -> [Folder | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
index.dat -> C:\Windows\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-08-16 15:37:02 | Attr = HS]
C:\Windows\Temp\History\History.IE5\ -> C:\Windows\Temp\History\History.IE5\ -> [Folder | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
index.dat -> C:\Windows\Temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-08-16 15:37:02 | Attr = HS]
C:\Windows\Temp\Temporary Internet Files\Content.IE5\ -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
index.dat -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 2008-08-16 15:37:02 | Attr = HS]
C:\Windows\Temp\History\History.IE5\ -> C:\Windows\Temp\History\History.IE5\ -> [Folder | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
desktop.ini -> C:\Windows\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 145 bytes | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
C:\Windows\Temp\Temporary Internet Files\Content.IE5\ -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
desktop.ini -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
C:\Windows\Temp\Temporary Internet Files\Content.IE5\45UUY4IH\ -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\45UUY4IH -> [Folder | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
desktop.ini -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\45UUY4IH\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
C:\Windows\Temp\Temporary Internet Files\Content.IE5\GA5T5U50\ -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\GA5T5U50 -> [Folder | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
desktop.ini -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\GA5T5U50\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
C:\Windows\Temp\Temporary Internet Files\Content.IE5\LL7X7N0R\ -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\LL7X7N0R -> [Folder | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
desktop.ini -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\LL7X7N0R\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
C:\Windows\Temp\Temporary Internet Files\Content.IE5\W5MRV03B\ -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\W5MRV03B -> [Folder | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
desktop.ini -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\W5MRV03B\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2008-08-14 23:21:50 | Attr = HS]
< End of report >
[/code]
OTScanIt log was too long, so I had to put it in 2 parts.
Logs look fine but have you used avenger lately?
Avenger???? What is this?
You mean AVG? Yes I used it.
I mean this:
[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 2008-08-18 15:00:49 | Attr = ]
But if you haven't used it, that is fine :)
Please go to Eset website (http://www.eset.com/onlinescan/) to perform an online scan. Please use Internet Explorer as it uses ActiveX.
Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX, click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Uncheck (untick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
Here is the ESET log:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3365 (20080818)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=8aced33f720f654789958d470663d2ba
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-08-18 07:58:11
# local_time=2008-08-18 09:58:11 )
# country="Poland"
# osver=6.0.6001 NT Service Pack 1
# scanned=297490
# found=3
# scan_time=10350
C:\Users\Piotr\Desktop\OTScanIt.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000
C:\Users\Piotr\Desktop\OTScanIt.exe »ZIP »OTScanIt/OTScanIt.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000
C:\Users\Piotr\Desktop\OTScanIt\OTScanIt.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000
---------------------------------------------------------------
It looks good, but Mbam still detects Trojan.Vundo.
Should I do Remove?
Malwarebytes' Anti-Malware 1.25
Wersja bazy definicji: 1065
Windows 6.0.6001 Service Pack 1
22:09:07 2008-08-18
mbam-log-08-18-2008 (22-08-53).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowane obiekty: 144247
Upłynęło: 3 hour(s), 27 minute(s), 33 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 2
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)
Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
(Nie wykryto groźnych plików)
"Should I do Remove?"
Yes :)
Let me know if those are gone after next scan.
Spybot and Mbam did not find anything.
This is the latest HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:01, on 2008-08-19
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.networld.pl
O15 - Trusted Zone: http://poczta.onet.pl
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EDGE helper (edgesrv) - Unknown owner - C:\Program Files\EDGE Dialer\edgesrv.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 10778 bytes
What do you think?
Log looks good :)
Still problems?
Everything looks OK :)
Thanks for your assistance.
Great :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
You can fix this, it is a leftover:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
Next we remove all used tools.
Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)
Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
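The "leftover" entry the helper pointed out carries the `(file missing)` marker that HijackThis appends when an entry's target file is no longer on disk. As an added example (not part of the thread; `parse_entries` and `leftovers` are hypothetical names, and the sample lines are copied from the log and reply above), this Python parser pulls such entries out of a log and also tags services reported with "Unknown owner" for manual review:

```python
import re

# Constructed sample: entry lines copied from the HijackThis output quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: EDGE helper (edgesrv) - Unknown owner - C:\Program Files\EDGE Dialer\edgesrv.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
End of file - 10778 bytes
"""

# An entry line starts with a section code such as R1, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Drive-letter path ending in .exe or .dll (may contain spaces).
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll))", re.IGNORECASE)


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank or footer line
        section, body = m.groups()
        paths = PATH_RE.findall(body)
        entries.append({
            "section": section,
            "body": body,
            "path": paths[-1] if paths else None,
            # Target file is gone; the entry itself is residue.
            "file_missing": body.endswith("(file missing)"),
            # A review hint for service entries, not a verdict.
            "unknown_owner": section == "O23" and " - Unknown owner - " in body,
        })
    return entries


def leftovers(entries):
    """Entries whose target file is missing: candidates for HijackThis 'fix'."""
    return [e for e in entries if e["file_missing"]]


if __name__ == "__main__":
    for e in leftovers(parse_entries(SAMPLE_LOG)):
        print(e["section"], e["path"])
```
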